December 8, 2016

VLC fixes a couple of security vulnerabilities and adds support for Retina display on the new MacBook Pro

VLC 2.0.2 “Twoflower”, which is being called “an important update”, has been released by the VLC project team. It fixes a series of regressions in the 2.0.x branch of VLC, fixes a couple of security vulnerabilities and adds support for Apple’s Retina Display (HiDPI) on the new MacBook Pros.

According to the release page, 2.0.2 fixes a couple hundred bugs and adds more than 500 commits on top of 2.0.1. These fixes include:

  • Fixed video output for old graphics cards on Windows XP that use DirectX
  • Fixed video output on old Macs, notably PowerPC and GMA950 Intel Macs
  • Fixes for playback of split RAR, segmented MKV, MP4 and Real media files
  • Fixes for subtitles auto-detection
  • Fixes on Qt, skins2 and web interfaces
  • Fixed crash when trying to open an Audio CD by drag & drop
  • Fixed a crash when attaching hard drives with multiple partitions while VLC is running

According to a blog post by VLC developer Felix Kühne, VLC 2.0.2 also includes the following security content:

  • Fixed Ogg heap buffer overflow
  • Updated taglib (CVE-2012-2396)

CVE-2012-2396 describes how VLC 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a specially crafted MP4 file. More details on this can be found here, where an exploit and PoC are given.

More details about VLC 2.0.2 can be found in the release notes, and it can be downloaded for Windows, Mac OS X and Linux here.
